[Wazz]

I have come up with this rather simple solution for calculating a virtual offset of a function given it's signature. My only annoyance with this solution is that it requires an object with the respective virtual table in order to calculate the offset.

I would quite like a solution which does not require an object in order to calculate the offset mainly so all the calculations can be done when the plugin loads rather than when the first instance of an object appears. Other than reading op-codes from the class constructor (which would require another signature), is there another method of locating the address of a virtual table, using RTTI perhaps?

Here is what I have currently: http://hg.paulclothier.com/OBV_CHax/...nsion.cpp#l150 and yes I know, there's some terri-bad coding in there but I am only interested in the concepts at the moment.

[pRED*]

On linux the vtable has a symbol, so you can look this up fairly trivially.

Windows would be more interesting, finding a byte signature that doesn't break would probably be difficult.

The vtable is definitely locatable using RTTI information, though I haven't look into this.

If you look for IDA plugins (on OpenRCE) and find one called MSVC reversing helpers (I think), and run the ms_rtti4.idc it will dump a text file with all the vtable addresses. It should be possible to use similar logic at runtime.

I can find a download link tomorrow if you can't find it.

[Wazz]

Thanks for the tip, It has taken me a while (and the TF2 update put this on hold for a short while) but I have finally been able to locate class vtables using RTTI. I will clean up the code soon and push it to the repo, in case anyone is interested.